1. Project background
1.1 Meaning and deployment of one-way SSL
One-way SSL is the HTTPS protocol as it is commonly used.
Its defining feature is that the browser requests and verifies the server's certificate.
In essence, it is a secure communication channel built on top of HTTP for exchanging information between the client computer and the server. It uses Secure Sockets Layer (SSL) for the exchange; put simply, it is the secure version of HTTP.
Two-way SSL, as the name implies, means that both parties verify each other's certificates: the browser first requests the server's certificate, and then the browser is asked for the current login user's personal certificate for authentication.
1.2 Basic deployment of the system
One-way SSL interaction process:
With one-way SSL, the request is delivered to Tomcat through virtual host 2 alone, which completes the communication process.
Two-way SSL interaction process:
With two-way SSL, the request first arrives at virtual host 2, is rewritten from virtual host 2 to virtual host 3, and is then passed to Tomcat by virtual host 3. Virtual host 3 also places the user certificate in a parameter of the request that is passed to Tomcat.
1.3 Test background
To work with the certificate system, all requests to the system are changed to use HTTPS. In addition, to increase security and control the system's core operations, requests are handled at graded levels: normal operations use one-way SSL and core operations use two-way SSL.
Systems requiring interaction: the OCSP server, used for online verification of certificate status.
2. Test Purpose
The main points to verify:
(1). Evaluate whether the system responds properly at the expected user volume.
(2). Evaluate the difference in system response after applying one-way and two-way SSL, and whether the associated servers affect system performance.
(3). Analyze system bottlenecks under progressively increasing load.
(4). Examine the performance of the system under stress.
(5). Check whether system performance anomalies occur when the modules run for a long time.
3. Test analysis
3.1 Scenario analysis
Assume that, based on the system analysis, two scenarios are tested: the first is the login scenario under one-way SSL, and the second is the file download function under two-way SSL. Assume that the estimated number of concurrent users is 10.
User behavior | Operation | Estimated concurrent users |
Download file | Download by selecting the specified file | 10 |
Login | Fill in user name and password, log in, load the login interface | 10 |
3.2 Test module analysis
Load test: mainly tests whether the system responds normally in each scenario under normal operating conditions. It also compares the response difference after applying one-way SSL, with attention to whether the related servers affect system performance.
The system's bottlenecks are then analyzed under increasing load.
Stress test: mainly investigates how the system performs under stress, whether abnormal behavior occurs, and whether the system responds promptly and gives friendly messages after an abnormality occurs.
Long-running stability test: mainly tests whether the system responds stably over a period of time at the expected user volume, focusing on whether memory leaks occur.
4. Test execution
Basic steps: record the LoadRunner scripts -- run the LoadRunner scenarios -- analyze the results
For test execution, we mainly discuss script recording, that is, how to record one-way and two-way SSL scripts with LoadRunner.
This covers the following: how to export the browser certificate and convert .crt to .pem, how to record a one-way SSL script, and how to record a two-way SSL script.
4.1 How to export a browser certificate and convert .crt to .pem
All the blogs say to convert with OpenSSL. So where do you get OpenSSL?
A: It is usually already present on Linux; if it is not, yum install openssl will install it.
What are the steps?
A: Extract the public key and private key from the PFX as follows:
openssl pkcs12 -in server.pfx -nodes -out temp.pem   # generate temp file temp.pem (-nodes leaves the private key unencrypted)
openssl rsa -in temp.pem -out server.key             # generate the server private key: server.key
openssl x509 -in temp.pem -out server.pem            # generate the server certificate (public key): server.pem
4.2 How do I record a one-way SSL script?
Only a few LoadRunner settings are needed, after which HTTPS scripts can be recorded directly in LR: (1) create a new script -> Web (HTTP/HTML) -> Start Record -> Options -> Port Mapping under Network, and set the capture level to "WinINet level data"; (2) in Run-time Settings -> Internet Protocol -> Preferences, select "WinInet replay instead of sockets".
4.3 How do I record two-way SSL scripts?
Because LR works by emulating a browser to interact with the server, the certificate needs to be installed in
---------------------------------------------------------------------------------------------
1. Preparation of certificates
The common certificate format is *.pfx, which can be installed in Internet Explorer by double-clicking the certificate file; users can then use it when they visit the site.
However, this is not the certificate type that LoadRunner uses, so it must be converted to *.pem format.
The conversion method is as follows:
• Install OpenSSL
• Run the OpenSSL binary in the C:\<openssl>/bin folder, which starts the OpenSSL command prompt
• Execute the following command: pkcs12 -in D:\test1.pfx -out D:\test01.pem -nodes
After execution, the test01.pem file is generated in the specified directory; it is used in the next step, when LoadRunner is configured.
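The conversion from sections 4.1 and 4.3 as one script, with a check that the extracted private key really belongs to the extracted certificate before the PEM is handed to LoadRunner. This is an added example, not part of the original article; the function names, the CN and the scratch directory are assumptions, and the .pfx is a constructed self-signed test identity.

```shell
#!/bin/sh
# Added example: PFX -> PEM conversion plus a key/certificate consistency check.
# All file names and the password are constructed test values.

# Build a throwaway self-signed client identity and pack it as test1.pfx.
make_test_pfx() {  # $1 = output dir, $2 = export password
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=loadtest-client" \
    -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
    -out "$1/test1.pfx" -passout "pass:$2" 2>/dev/null
}

# Convert the .pfx to a combined PEM, then split out key and certificate.
# Runs in a subshell with umask 077 because -nodes writes the key unencrypted.
convert_pfx() (  # $1 = .pfx file, $2 = import password, $3 = output dir
  umask 077
  openssl pkcs12 -in "$1" -nodes -passin "pass:$2" -out "$3/test01.pem" 2>/dev/null &&
  openssl rsa  -in "$3/test01.pem" -out "$3/server.key" 2>/dev/null &&
  openssl x509 -in "$3/test01.pem" -out "$3/server.pem" 2>/dev/null
)

# Succeeds only if the certificate's public key matches the private key.
key_matches_cert() {  # $1 = private key file, $2 = certificate file
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo on the constructed input in a scratch directory.
work=$(mktemp -d)
make_test_pfx "$work" "123456" &&
  convert_pfx "$work/test1.pfx" "123456" "$work" &&
  key_matches_cert "$work/server.key" "$work/server.pem" &&
  echo "key and certificate match" || echo "conversion or check failed"
rm -rf "$work"
```

The combined test01.pem is the file LoadRunner is pointed at; server.key and server.pem are the split forms from section 4.1.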
2. LR Configuration
Start LoadRunner and open the recording options.
Note the options in the red box.
After selecting them, click New Entry.
The configuration in the red box is the IP address and port number of the server, which can be set to the actual address required by the test.
Once configured, check "Use specified client-side certificate [Base64/PEM]" to access the server using a client certificate.
Click "..." and select the client certificate that was just converted.
If the certificate has a password, it must also be entered here.
This completes all of the configuration that differs from plain HTTP.
After recording, you can see the statement that LoadRunner newly generated at the beginning of the script:
/* Client certificate and private key are both read from the converted PEM file */
web_set_certificate_ex("CertFilePath=test01.pem",
    "CertFormat=PEM",
    "KeyFilePath=test01.pem",
    "KeyFormat=PEM",
    "Password=123456",
    "CertIndex=1",
    LAST);
The subsequent steps are the same as for a normal page performance test.
When LoadRunner records the HTTPS protocol and opens the page via IE, the error "Internet Explorer cannot display the webpage" appears.
However, opening the HTTPS page directly in IE, without LoadRunner, works normally. The problem is resolved as follows (Windows 7): open CMD and run the command:
certutil -setreg chain\minRSAPubKeyBitLength 512
Restart the computer and the problem is solved. This setting lowers the minimum RSA public key length that Windows accepts in a certificate chain to 512 bits, so apply it only on the load-test machine.
Reference article: http://eyeontesting.com/questions/2758/loadrunner-vugen-cannot-record-secure-web-sites-ht.html
When testing a web service that uses HTTPS requests, add web_set_sockets_option("SSL_VERSION", "TLS"); before the transaction begins.
LoadRunner Web-side performance test for HTTPS protocol (single-Way SSL)